unexpected output from debug command

Sep 19th, 2007

I am trying to troubleshoot a routing issue and decided to set up an access-list that specifies two host IP addresses to see what is going on. I do something like this:

access-list 199 permit ip host 1.1.1.1 host 2.2.2.2

access-list 199 deny ip any any

term mon

debug ip packet 199 detail


After I do this I get a flood of debug messages that do not match the 199 ACL. It seems like ALL traffic going through the router is being shown in the debug instead of just packets from 1.1.1.1 to 2.2.2.2.


Any ideas on why this is happening?


Thanks,

Edison Ortiz Wed, 09/19/2007 - 19:02

It's displaying the denies as well. If you want to only see debug messages for connection to host 1.1.1.1 from host 2.2.2.2, remove the last entry. An implicit deny will take care of it.

DIEGO ALONSO Thu, 09/20/2007 - 05:57

It doesn't appear to be the deny. I recreated that ACL without the deny and the same deluge of debug info. I went further and actually used a couple bogus IPs and still the deluge of debug info. It seems that the debug is simply ignoring the ACL even though a "show debug" shows the debug command with the ACL. Wow, maybe a bug in my particular IOS version? It is 12.3(6a).
